Lucene search
K

94 matches found

SUSE CVE
SUSE CVE
added 2026/05/27 3:5 a.m.14 views

SUSE CVE-2025-27152

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...

7.5CVSS6.3AI score0.00759EPSS
Exploits1References6
NVD
NVD
added 2026/05/24 11:16 a.m.14 views

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/24 10:0 a.m.17 views

CVE-2026-9372 ItzCrazyKns Vane Model Provider API route.ts server-side request forgery

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS0.00278EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/24 10:0 a.m.10 views

CVE-2026-9372 ItzCrazyKns Vane Model Provider API route.ts server-side request forgery

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.15 views

PT-2026-42933

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References5
OSV
OSV
added 2026/05/19 8:9 p.m.6 views

GHSA-QG89-QWWH-5F3J SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

Resolution SillyTavern 1.18.0 added a generic server-side request filter Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is...

8.5CVSS6AI score0.00866EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 6:27 p.m.7 views

GHSA-GF43-24G3-5HW2 Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation

Summary ApostropheCMS's password reset flow constructs the reset URL using req.hostname, which is derived directly from the attacker-controlled HTTP Host header when apos.baseUrl is not explicitly configured. An unauthenticated attacker who knows a victim's email address can send a crafted reset...

8.1CVSS5.8AI score0.0025EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 12:18 a.m.10 views

Prototype Pollution

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution when the Object.prototype has been polluted via a different exploit. The following properties in the HTTP adapter configuration may be manipulated, as...

9.1CVSS6.3AI score0.00549EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/28 6:30 a.m.8 views

BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/28 6:30 a.m.5 views

GHSA-R2JQ-4H3X-RFJ6 BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.3CVSS6.8AI score0.00278EPSS
Exploits0References6
NVD
NVD
added 2026/04/28 4:16 a.m.6 views

CVE-2026-7223

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS0.00278EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/28 4:0 a.m.3 views

CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 4:0 a.m.3 views

CVE-2026-7223

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 4:0 a.m.3 views

EUVD-2026-25980

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 4:0 a.m.16 views

CVE-2026-7223

CVE-2026-7223 affects BigSweetPotatoStudio HyperChat (up to 2.0.0-alpha.63) in the AI Proxy Middleware, specifically the fetch function in packages/core/src/http/aiProxyMiddleware.mts. The issue results from manipulation of the baseurl argument, enabling server-side request forgery. The attack is...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35655

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References9
NVD
NVD
added 2026/04/26 6:16 a.m.12 views

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS0.0018EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/26 5:30 a.m.9 views

EUVD-2026-25696

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS4.8AI score0.0018EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/26 5:30 a.m.4 views

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS4.9AI score0.0018EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/26 5:30 a.m.5 views

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS4.8AI score0.0018EPSS
Exploits0References4
Rows per page
Query Builder